Lucene search
K

8 matches found

Code423n4
Code423n4
added 2023/10/11 12:0 a.m.9 views

Some ERC20Votes tokens will not work if you set approve() to any value without setting to zero first

Lines of code Vulnerability details Impact Not setting allowance to Zero before changing the allowance can hinder the deployment of the ERC20ProxyDelegator contract for some ERC20 tokens Proof of Concept Some ERC20 tokens like USDT with Voting enabled will not work when changing the allowance fro...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.8 views

USDT tokens should approve to zero first otherwise it may cause other tokens to get stuck in the case of aprooveMultipleTokens

Lines of code Vulnerability details Impact Unsafe ERC20 approve that do not handle non-standard erc20 behavior. Some token contracts do not return any value. Some token contracts revert the transaction when the allowance is not zero. Proof of Concept When receiving tokens to the destination chain...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.13 views

FETH.sol is susceptible to ERC20 approve functionality front-running exploit

Lines of code Vulnerability details Proof of concept The problem is perfectly described here The tldr; is that if you approved a person to spend 100 tokens and then you want to decrease his allowance to 50, if he spends his 100 tokens allowance before you set his allowance to 50 he will be able t...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/05/07 12:0 a.m.11 views

Deprecated safeApprove() function

Originally submitted by warden Dravee in 146, duplicate of 178 related to the use of safeApprove. This is upgraded from a QA report to standalone issue because it correctly described the revert when trying to call safeApprove on non-zero allowance. QA report that only describe safeApprove as...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/31 12:0 a.m.14 views

Yield sources cannot be swapped back

Handle shw Vulnerability details Impact The setYieldSource function of SwappableYieldSource calls the safeApprove function to approve the yield sources with the maximum allowance of transferring underlying tokens. However, according to OpenZeppelin's implementation, the safeApprove function...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/31 12:0 a.m.11 views

The approveMax function of MStableYieldSource always reverts

Handle shw Vulnerability details Impact The approveMax function of MStableYieldSource calls the safeApprove function to set the allowance to the maximum. However, at the time of call, the allowance should be non-zero since it was set to the maximum in the constructor function. The non-zero...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/06/23 12:0 a.m.8 views

safeApprove() for Yearn Vault may revert preventing deposits causing DoS

Handle 0xRajeev Vulnerability details Impact The depositInVault function for Yearn yield source uses ERC20 safeApprove from OpenZeppelin's SafeERC20 library to give maximum allowance to the Yearn Vault address if the current allowance is less than contract’s token balance. However, the safeApprov...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/06/17 12:0 a.m.58 views

usage of safeApprove

Handle pauliax Vulnerability details Impact depositInVault in contract YearnV2YieldSource calls safeApprove when the allowance is less than the token balance: if token.allowanceaddressthis, addressv token.balanceOfaddressthis token.safeApproveaddressv, typeuint256.max; This does not mean that the...

6.9AI score
Exploits0
Rows per page
Query Builder